Cyber security deal highlights threats from spying

Hannah Kuchler and Richard Waters

Thursday, 2 Jan 2014 | 8:34 PM ETFinancial Times

SHARES

Mandiant, a U.S. cyber security company at the forefront of fighting a new wave of cyber attacks, has been bought for more than $1 billion, in a deal that highlights the growing concern about government-backed online spying from China and the U.S. National Security Agency.

In the largest U.S. cyber security deal in recent years, FireEye, a New York-listed cyber threat detection company, has acquired Mandiant, the security technology company that last year accused the Chinese military of hacking more than 100 U.S. companies.

David De Walt, chairman and chief executive of FireEye, said the revelations of the NSA mass surveillance program and Mandiant's report on Chinese hackers had "accelerated business opportunities" for the company.

Maciej Frolow | Photographer's Choice RF | Getty Images

"A lot of companies, organisations and governments said 'look how pervasive these superpowers are in monitoring and stealing from these companies'," he said. "There is an accelerating awareness that just wasn't there a year ago."

Mr DeWalt, who was chief executive of McAfee and sold the antivirus software maker to Intel in 2010, said FireEye and Mandiant were the forefront of a new generation of cyber security protection that would replace the older antivirus model.

FireEye could respond in "seconds or minutes" to the advanced threat posed by, for example, a "particularly nasty nation state attacker," and then pass the issue – malware, for example – to Mandiant to "fix in real time", he said.

The deal, for more than $900 million in FireEye stock at Thursday's price and $106.5 million cash, is the largest cyber security deal for at least three years, according to Dealogic, the acquisitions research firm. The number of cyber security deals in the United States doubled in 2013, with 10 compared with five each year in 2012 and 2011.

McAfee's top security threats for 2014

Michelle Dennedy, chief privacy officer at McAfee, discusses the top cybersecurity and privacy threats to consumers in 2014. CNBC's John Fortt weighs in.

Kevin Mandia, Mandiant's founder and a former U.S. military cyber crime investigator, said that when he started the firm in 2004, its message that security breaches were inevitable and companies had to work on eliminating the consequences "did not fly".

With venture capital reluctant to invest in the idea, he funded the business himself. "Now it is absolutely generally accepted that you cannot solely rely on preventive services," said Mr Mandia, who will become FireEye's chief operating officer.

To speed up their response to threats, the companies profile hackers and try to predict the types of malware they will try to load on to a machine, much as detectives spot patterns in the behaviors of criminals.

"On the front line of the cyber battlefield you have to be able to say . . . it is these guys in St Petersburg who normally use these 18 pieces of malware," Mr Mandia said. He added that, five years ago, when companies focused on antivirus programs, it could take months to discover hackers had accessed a network.

Mandiant started as a security consultancy service but has since developed its own software to help protect against advanced persistent threats such as nation state attacks. More than 30 percent of the Fortune 100 have used Mandiant's services when their computers have been hacked.